This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Tomcat and the fly likes after JNDI realm Authentication, need further specificity on authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "after JNDI realm Authentication, need further specificity on authentication" Watch "after JNDI realm Authentication, need further specificity on authentication" New topic
Author

after JNDI realm Authentication, need further specificity on authentication

robyne vaughn
Ranch Hand

Joined: Jun 04, 2003
Posts: 38
I have a jndi realm set up in my tomcat 4.12 which is working and authenticates against microsoft's Active Directory Server. (not my choice, mandated)

Within that same context, I have a need to secure several programs to an administrator only and would rather not have to edit every one of them to programmatically check for the user who is trying to access them. In other words, some programs within the context will be available to everyone and some should only be available to the administrator.

Any clever ideas on how to go about this?

Here is my context from my server.xml:

<Context path="/mrcjava" docBase="/mrcjava" debug="0" reloadable="true" privileged="true">
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="mrcjava_log" suffix=".txt" timestamp="true"/>
<!-- Robyne's code: JNDI to ActiveDirectoryServer Authentication: -->
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
connectionURL="ldap://99.999.9.9:389"
connectionName="CN=name,OU=CO,dc=name1,dc=name2"
connectionPassword="password"
referrals="follow"
userBase="dc=name1,dc=name2"
userSearch="(&(sAMAccountName={0})(objectClass=user))"
userSubtree="true"
roleSearch="(uniqueMember={0})"
rolename="cn"
/>
</Context>


I wish I could add within the context this additional memory realm:

<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
debug="0" resourceName="UserDatabase"/>

Which I did try. Interestingly, tomcat will run, but nothing will authenticate.


ps. here is the bottom of my web.xml where I tried to enable the above:
<security-constraint>
<web-resource-collection>
<web-resource-name>/mrcjava</web-resource-name>
<url-pattern>*.jsp</url-pattern>
<url-pattern>/LNGDIST/mrcmenu.html</url-pattern>
<url-pattern>/GetAttsMaint</url-pattern>
<url-pattern>/GetAttsRpt</url-pattern>
<url-pattern>/GetAttsOptions</url-pattern>
<url-pattern>/GetAttsOptionsNew</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>


<security-constraint>
<web-resource-collection>
<web-resource-name>/mrcjava</web-resource-name>
<url-pattern>/GetAttsAdmin</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>NTSADMIN</role-name>
</auth-constraint>
</security-constraint>




<login-config>
<auth-method>FORM</auth-method>
<realm-name>ldapRealm</realm-name>
<form-login-config>
<form-login-page>/LNGDIST/login.jsp</form-login-page>
<form-error-page>/LNGDIST/login_error.jsp</form-error-page>
</form-login-config>
</login-config>

<security-role>
<role-name>LD</role-name>
</security-role>

<security-role>
<role-name>NTSADMIN</role-name>
</security-role>

</web-app>


newbie, would appreciate any creative ideas you have.
Thanks,
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: after JNDI realm Authentication, need further specificity on authentication
 
Similar Threads
Configure JNDI Realm
JSP and Active Directory Integration
Windwos Authentication using local window xp users and Tomcat (Prompt window to the users)
how to redirect to success page in tomcat using its lapd configuration
problem with ldap auto authentication on Tomcat 6.0